Module ssl_util

Utility functions for SSL socket validation/certificate information parsing.

Introduced in: 30 Sep 2005 by Fredrik Thulin <ft@it.su.se>

Authors: Fredrik Thulin (ft@it.su.se).

Description

Utility functions for SSL socket validation/certificate information parsing.

Function Index

decode_ssl_rdnseq/1 Turn an rdnSequence into a list of {Key, Value} tuples, where Key is either the OID (integer() or tuple()) or, if ssl_pkix_oid could turn it into an atom, that atom (like countryName).
get_ssl_peer_info/4 Try to get the SSL peer certificate using a socket.
is_acceptable_ssl_socket/5 Check if a socket is 'acceptable'.

Function Details

decode_ssl_rdnseq/1

decode_ssl_rdnseq(Other::RdnSequence) -> {ok, Tuples} | {error, Reason}

Turn an rdnSequence into a list of {Key, Value} tuples, where Key is either the OID (integer() or tuple()) or, if ssl_pkix_oid could turn it into an atom, that atom (like countryName).

get_ssl_peer_info/4

get_ssl_peer_info(Socket, Proto, IP, Port) -> {ok, Subject, AltNames} | {error, Reason}

Try to get the SSL peer certificate using a socket. If that fails, we check whether it was a client that connected to us and whether clients are required to present a certificate. Returns either {ok, Subject}, or true/false indicating whether the socket should be considered valid.

is_acceptable_ssl_socket/5

is_acceptable_ssl_socket(Socket, Dir, Proto, Remote, Names) -> true | false

Check if a socket is 'acceptable'. For SSL, this means verifying that the subjectAltName/CN is included in Names.
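
The name check described above, as an added example that is not ssl_util's own code. The module and function names are hypothetical. It assumes Subject is the {Key, Value} list documented for decode_ssl_rdnseq/1 with the atom key commonName, that AltNames and Names are lists of strings, that comparison is exact and case-insensitive, and that the CN is only consulted when the certificate carries no subjectAltName.

```erlang
%% Added example: hypothetical module, not part of ssl_util.
-module(ssl_name_check_example).
-export([is_acceptable_names/3, demo/0]).

%% Subject  : [{Key, Value}] in the shape documented for decode_ssl_rdnseq/1
%% AltNames : [string()] subjectAltName entries of the peer certificate
%% Names    : [string()] names we accept for the peer we meant to reach
%%
%% Fails closed: an empty Names list, or a certificate with neither a
%% subjectAltName nor a commonName, is never acceptable.
%% Exact match only; wildcard names such as "*.example.org" are not expanded.
is_acceptable_names(Subject, AltNames, Names)
  when is_list(Subject), is_list(AltNames), is_list(Names) ->
    Accept = [string:lowercase(N) || N <- Names],
    Candidates =
        case AltNames of
            [] -> common_names(Subject);  % assumption: CN is only a fallback
            _  -> AltNames                % subjectAltName present: ignore CN
        end,
    lists:any(fun(C) -> lists:member(string:lowercase(C), Accept) end,
              Candidates).

%% Collect every commonName value from the decoded subject.
common_names(Subject) ->
    [V || {commonName, V} <- Subject, is_list(V)].

%% Constructed sample data; each line crashes with badmatch if the
%% result differs from the value on the left.
demo() ->
    Subject = [{countryName, "SE"}, {commonName, "sip.example.org"}],
    %% No subjectAltName: fall back to CN, compared case-insensitively.
    true  = is_acceptable_names(Subject, [], ["SIP.Example.org"]),
    %% subjectAltName matches one of the expected names.
    true  = is_acceptable_names(Subject, ["proxy.example.org"],
                                ["proxy.example.org", "sip.example.org"]),
    %% subjectAltName present but different: the matching CN must not rescue it.
    false = is_acceptable_names(Subject, ["other.example.net"],
                                ["sip.example.org"]),
    %% Nothing expected, or nothing presented: reject.
    false = is_acceptable_names(Subject, [], []),
    false = is_acceptable_names([{countryName, "SE"}], [], ["sip.example.org"]),
    ok.
```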


Generated by EDoc, Oct 17 2007, 16:48:21.